Identity theft is now big business in the world. I'd be willing to bet some hard yankee money that everyone on this list has encountered at least one phishing attack by now. A nice formal e-mail from a bank, or eBay, or some other place where you have an online account.
Nonprofits haven't been hit yet, but it's just a matter of time. If I wanted to make some money with a phishing scam, I'd select some well-known nonprofit and launch an online appeal in their name. St. Jude's Hospital would be a good one, since they had a national advertising campaign at Christmas time. The Web page would make it very convenient to contribute online in a secure environment. If I was really sophisticated, I'd say that Pay Pal had donated a special service to St. Jude's. Since it is separate from the regular Pay Pal, contributors will have to set up a new account. Then provide a nice link that duplicates the Pay Pal account process. Or, it might be possible to hijack the regular Pay Pal account.
St. Jude's might never know that they'd been the victim of a phishing scam. And Pay Pal would have to make good the losses to preserve their reputation.
So online identity management might not be on the radar now, but a well-publicized attack is on its way. And that's going to damage online contributing a lot.
-----original message-----
>>For most of us in the nonprofit sector, online identity management is a pretty abstract issue, but it's one that we'll have to confront. After all, we're all about civil society - which means community building and fostering networks of trust. As more of our stakeholders go online, we'll have to understand and use the right identity management tools.>>
.
